Dynamic analysis

- Unlike static code analysis,…dynamic code analysis tests software while it's running.…Dynamic analysis can be done in two ways.…One is black-box testing and the other is white-box testing.…In the case of white-box testing,…it tests the software, both in it's…intended and unintended ways of use.…It validates the security functionality of the software…and checks whether implementation…confirms to it's original design.…

There are some requirements to be met to conduct…effective white-box testing.…The obvious requirement is access to source code.…The test team also needs the knowledge of…what makes the software secure and vulnerable.…In addition, they need to think like an attacker.…The best time to conduct white-box testing…is during the uni-test phase, although,…it can be done anytime during…a typical software engineering life cycle.…

Unlike the white-box testing,…black-box testing can only depend on…the software requirements or specifications.…Testers don't have the knowledge of the…inner workings of the software…

Resume Transcript Auto-Scroll

Author

Released

11/12/2015

Software developers are constantly told to use secure coding practices. Luckily, with today's tools, secure code doesn't take a lot of time or effort. There are security frameworks (authentication, authorization, etc.) developers can use as their own. There are also static and dynamic code analysis tools to test code. Plus, with security patterns that can be implemented at the design level—before coding ever begins—you can make sure you're not reinventing the wheel.

Jungwoo Ryoo is a faculty member teaching cybersecurity and information technology at Penn State. In this course, he'll introduce secure software development tools and frameworks and teach secure coding practices such as input validation, separation of concerns, and single access point. He'll also show how to recognize different kinds of security threats and fortify your code. Plus, he'll help you put a system in place to test your software for any overlooked vulnerabilities.